vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

* grub-core/fs/bfs.c (read_bfs_file): Fix overflow with over 2TiB

Browse source 
filesystems.
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2012-05-06 16:20:55 +02:00
parent 62ace64dd9
commit 24e9a854b8
2 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
2012-05-06 Vladimir Serbinenko <phcoder@gmail.com>
* grub-core/fs/bfs.c (read_bfs_file): Fix overflow with over 2TiB
filesystems.
2012-05-06 Vladimir Serbinenko <phcoder@gmail.com> 2012-05-06 Vladimir Serbinenko <phcoder@gmail.com>
* grub-core/fs/affs.c (grub_affs_read_block): Fix theoretical overflow. * grub-core/fs/affs.c (grub_affs_read_block): Fix theoretical overflow.

10
grub-core/fs/bfs.c
View file

@ -225,7 +225,7 @@ read_bfs_file (grub_disk_t disk,
for (i = 0; i < ARRAY_SIZE (ino->direct); i++) for (i = 0; i < ARRAY_SIZE (ino->direct); i++)
{ {
grub_uint64_t newpos; grub_uint64_t newpos;
newpos = pos + (grub_bfs_to_cpu16 (ino->direct[i].len) newpos = pos + (((grub_uint64_t) grub_bfs_to_cpu16 (ino->direct[i].len))
<< grub_bfs_to_cpu32 (sb->log2_bsize)); << grub_bfs_to_cpu32 (sb->log2_bsize));
if (newpos > off) if (newpos > off)
{ {
@ -261,7 +261,7 @@ read_bfs_file (grub_disk_t disk,
grub_err_t err; grub_err_t err;
grub_uint64_t pos = (grub_bfs_to_cpu64 (ino->max_direct_range) grub_uint64_t pos = (grub_bfs_to_cpu64 (ino->max_direct_range)
<< RANGE_SHIFT); << RANGE_SHIFT);
nentries = (grub_bfs_to_cpu16 (ino->indirect.len) nentries = (((grub_size_t) grub_bfs_to_cpu16 (ino->indirect.len))
<< (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE)); << (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE));
entries = grub_malloc (nentries << LOG_EXTENT_SIZE); entries = grub_malloc (nentries << LOG_EXTENT_SIZE);
if (!entries) if (!entries)
@ -271,7 +271,7 @@ read_bfs_file (grub_disk_t disk,
for (i = 0; i < nentries; i++) for (i = 0; i < nentries; i++)
{ {
grub_uint64_t newpos; grub_uint64_t newpos;
newpos = pos + (grub_bfs_to_cpu16 (entries[i].len) newpos = pos + (((grub_uint64_t) grub_bfs_to_cpu16 (entries[i].len))
<< grub_bfs_to_cpu32 (sb->log2_bsize)); << grub_bfs_to_cpu32 (sb->log2_bsize));
if (newpos > off) if (newpos > off)
{ {
@ -310,7 +310,7 @@ read_bfs_file (grub_disk_t disk,
grub_size_t nl1_entries, nl2_entries; grub_size_t nl1_entries, nl2_entries;
grub_off_t last_l1n = ~0ULL; grub_off_t last_l1n = ~0ULL;
grub_err_t err; grub_err_t err;
nl1_entries = (grub_bfs_to_cpu16 (ino->double_indirect.len) nl1_entries = (((grub_uint64_t) grub_bfs_to_cpu16 (ino->double_indirect.len))
<< (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE)); << (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE));
l1_entries = grub_malloc (nl1_entries << LOG_EXTENT_SIZE); l1_entries = grub_malloc (nl1_entries << LOG_EXTENT_SIZE);
if (!l1_entries) if (!l1_entries)
@ -359,7 +359,7 @@ read_bfs_file (grub_disk_t disk,
} }
if (l1n != last_l1n) if (l1n != last_l1n)
{ {
nl2_entries = (grub_bfs_to_cpu16 (l1_entries[l1n].len) nl2_entries = (((grub_uint64_t) grub_bfs_to_cpu16 (l1_entries[l1n].len))
<< (grub_bfs_to_cpu32 (sb->log2_bsize) << (grub_bfs_to_cpu32 (sb->log2_bsize)
- LOG_EXTENT_SIZE)); - LOG_EXTENT_SIZE));
if (nl2_entries > (1U << (grub_bfs_to_cpu32 (sb->log2_bsize) if (nl2_entries > (1U << (grub_bfs_to_cpu32 (sb->log2_bsize)